On 09/09/2012 02:41 AM, Arno Wagner wrote: > Hi all. > > I just wrote a very simple key-slot checker. It divides all > active keyslots into 512 byte sectors and calculates entropy > for each. For valid encrypted data, entropy will be close > to 0.95 on average (would be 1, but this is sample entropy, > calculated on a limited data set). Yes, this is something very useful. But 512 slots is quite small chunk of random data, there will be some false warnings I guess. (Adding add test for the whole keyslot combined with separate sectors? Not sure if it helps something though...) (Well, and it cannot obviously detect corruption with overwriting random data :) > No fancy output, no library usage (but verifies LUKS version), > support for non-default key-sizes and setting your own entropy > threshold. I put in 0.85 as default threshold, which should work > well. > > Now I am not sure where to put it. Should I put it in > misc/ in the sources? That seems to be sort of a contrib/ > directory. Or should we add a section in the Wiki for > tools? Parsing header on its own is something which should not be even in misc section (in the worst case it should include luks.h directly). But anyway, this could be integrated into luks format checker directly (and run in "check" cryptsetup command). (And the same random test perhaps should be in tests for large enough blocks - see tests/differ.c, there is nice fixme :-) I am just not sure introducing floating point in libcryptsetup is good idea. But perhaps this can be compile time option, if some ancient/embedded CPU/distro has problems here, so it can be compiled-out. Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
